Protecting sensitive information and critical systems
Through the first decade of the 21st century, physical barriers, gates and controlled access points were the primary source of protection for crucial data and industrial systems. While these protective measures are still an essential part of security, they are no longer sufficient. The growth of connected systems has created openings to access critical control and data acquisition systems (SCADA). "If a single malicious person gains access to a control system, they can give orders that may have tragic consequences." worries Eric Zamaï, a research at the G-SCOP laboratory. To illustrate this threat, he highlights the famous Stuxnet computer worm that was used to attack Iran's nuclear program.
Cybersecurity measures must be implemented to protect industrial sites as well as critical infrastructure such as electrical grids, hospitals and nuclear reactors. These protective actions include firewalls, passwords and data encryption. Experts are also adding surveillance programs to supervise and check system activities. Researchers at the G-SCOP and Gipsa-Lab are working to create protocols capable of detecting potential attacks by checking for behavioral anomalies. "This requires a deep understanding of the system's activity." underlines Eric Zamaï. It is essential to supervise the entire chain of interactions, including the control system, automated systems and computer terminals. At the G2E-Lab, Raphael Caire is working on protecting electrical grids by understanding and countering a grid's reliance on communications networks and IT systems. "The lab developed a platform that allows us to simulate the interactions between a variety of systems and software. Our starting point is the assumption that a network has already been hacked. We then try to find the most effective solution to counter a given attack." In working to protect critical systems, the strength of Grenoble INP lies in its ability to call upon experts from a wide variety of fields.